Anna Prosvetova, a security researcher from Saint Petersburg, Russia, said she identified vulnerabilities in the backend API and firmware of FurryTail smart pet feeders.
These are smart pet food containers that can be configured with the help of a mobile app to release small quantities of food at certain times of day.
FurryTail devices are specifically built to handle cat and dog food, and are often used when owners leave pets alone in houses or apartments while they leave for long trips.
Prosvetova said that while looking at a device she bought from AliExpress for only $80, she found that the API allowed her to see all other FurryTail devices active located across the world.
In total, she found 10,950 devices, on which the researcher claimed she could have changed feeding schedules without needing a password.
Furthermore, she found that the devices were also using an ESP8266 chipset for WiFi connectivity. She said that a vulnerability in this chipset would have allowed an attacker to download and install new firmware, and then reboot the feeders so the changes take hold.
Prosvetova said the vulnerabilities would have been ideal for hackers looking into hijacking the pet feeders into an IoT DDoS botnet, as the entire process could be easily automated and carried out at scale.
For more information: https://hpets.org/index.php?option=com_ ... icle&id=71